Learn how to securely handle user documents in authentication and onboarding systems to protect data, ensure compliance, and prevent breaches.

The post Handling User Documents Securely in Authentication and Onboarding Systems appeared first on Security Boulevard.

As API and AI adoption grows across the Middle East, so do the expectations around how data is handled. For many organizations operating in this region, it’s not just about securing applications. It’s about doing it in a way that keeps data in-country and aligned with local requirements. Today, we’re introducing the Wallarm Middle East [...]

The post Introducing Wallarm Middle East Cloud: Built for Data Residency Compliance appeared first on Wallarm.

The post Introducing Wallarm Middle East Cloud: Built for Data Residency Compliance appeared first on Security Boulevard.

What happened A ransomware attack on Sandhills Medical Foundation, a Federally Qualified Community Health Center in McBee, South Carolina, is now the subject of a class action investigation, nearly a year after the incident was first discovered. Sandhills Medical discovered the ransomware attack on May 8, 2025. A forensic investigation determined that an unauthorized third […]

The post Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later appeared first on CISO Whisperer.

The post Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later appeared first on Security Boulevard.

What happened CTM360 researchers have uncovered a large-scale fraud operation using Telegram’s Mini App feature to run cryptocurrency scams, impersonate major brands, and distribute Android malware. The platform behind the operation, dubbed FEMITBOT based on a string found in API responses, uses Telegram bots and embedded Mini Apps to create convincing app-like experiences within the […]

The post Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery appeared first on CISO Whisperer.

The post Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery appeared first on Security Boulevard.

What happened Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office, […]

The post Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers appeared first on CISO Whisperer.

The post Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers appeared first on Security Boulevard.

What happened A cybersecurity incident in late April 2026 targeted Sistemi Informativi, an Italian company wholly owned by IBM Italy that provides IT infrastructure management for public agencies and key private sector organizations. IBM confirmed the breach through an official statement, acknowledging it had identified and contained a cybersecurity incident and activated incident response protocols […]

The post Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure appeared first on CISO Whisperer.

The post Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure appeared first on Security Boulevard.

What happened Cyberthint analysts have documented a structural shift in how cyberattacks are conducted, with threat actors now using artificial intelligence to discover and exploit zero-day vulnerabilities in minutes rather than months. The firm identified this transition in late 2024, noting that AI is operating not just as a research assistant but as an active […]

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on CISO Whisperer.

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on Security Boulevard.

What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them […]

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on CISO Whisperer.

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on Security Boulevard.

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on Security Boulevard.

Small business owners should be sure to fix these three non-technical risks that require little cybersecurity expertise.

The post 3 easy-to-miss cybersecurity risks for small businesses appeared first on Security Boulevard.

The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.

The post A Tale of Two States: The 2026 Cybersecurity Paradox appeared first on Security Boulevard.

Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In CISO Diaries, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security […]

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on CISO Whisperer.

The post CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense appeared first on Security Boulevard.

What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing […]

The post 1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP appeared first on CISO Whisperer.

The post 1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP appeared first on Security Boulevard.

What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 authorization code flow to hijack accounts without passwords and despite multi-factor authentication being enabled. The original ConsentFix was documented by Push Security in December 2025 as an […]

The post ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts appeared first on CISO Whisperer.

The post ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts appeared first on Security Boulevard.

What happened The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft […]

The post FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks appeared first on CISO Whisperer.

The post FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks appeared first on Security Boulevard.

What happened Instructure, the company behind the Canvas learning management system, has disclosed that it recently suffered a cybersecurity incident perpetrated by a criminal threat actor and is now investigating its scope with the help of outside forensics experts. The disclosure was made by Chief Security Officer Steve Proud, who committed to transparency as the […]

The post Edtech Firm Instructure Discloses Cyber Incident, Probes Impact appeared first on CISO Whisperer.

The post Edtech Firm Instructure Discloses Cyber Incident, Probes Impact appeared first on Security Boulevard.

What happened Congress approved a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act on Thursday, hours before the program was set to lapse, pushing the next deadline to June 12. President Trump is expected to sign the legislation before the midnight deadline. The path to the extension was complicated. The day prior, […]

The post Congress Punts FISA Section 702 Renewal to June appeared first on CISO Whisperer.

The post Congress Punts FISA Section 702 Renewal to June appeared first on Security Boulevard.

What happened Ameriprise Financial has disclosed a data breach affecting nearly 48,000 individuals across the United States, following unauthorized access to stored company data and files that began on March 2, 2026. The company detected the intrusion on March 18, approximately 16 days after it began, and filed a breach notification with the Maine attorney […]

The post Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers appeared first on CISO Whisperer.

The post Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers appeared first on Security Boulevard.

Web application testing with Burp Suite: a practical guide for UK SMEs For many UK SMEs, web applications are now part of day-to-day business. They handle customer logins, staff portals, booking systems, supplier access, and internal admin tasks. That makes them valuable, but it also means they deserve regular security attention. Burp Suite is a […]

The post Web application testing with Burp Suite: a practical guide for UK SMEs appeared first on Clear Path Security Ltd.

The post Web application testing with Burp Suite: a practical guide for UK SMEs appeared first on Security Boulevard.

The financial services ecosystem in India is undergoing rapid digital transformation, and fintech organizations sit at the center of this evolution. With increasing cyber threats targeting digital payments, lending platforms, and financial data, regulatory oversight has intensified. The Reserve Bank of India mandates a strong RBI cybersecurity framework that fintechs must follow to ensure resilience, […]

The post RBI Cybersecurity Compliance Checklist for Fintech Organizations appeared first on Kratikal Blogs.

The post RBI Cybersecurity Compliance Checklist for Fintech Organizations appeared first on Security Boulevard.